MASS API HUNT

ADVANCED JS RECONNAISSANCE FRAMEWORK

v3.0 ELITE

01. INITIAL VECTOR

Manual inspection combined with automated browser extensions. Don't be lazy, check the source.

Manual Check

Press Ctrl+U. Search for .js manually before running any tools. Sometimes the juiciest file is right there in the head tag.

Browser Extensions

Use LazyEgg or EndPointer. They automate the extraction of JS URLs while you browse normally.

Mobile Recon

Change User-Agent to Mobile. Some sites load different JS bundles (e.g., `mobile-app.js`).

THE PIPELINE

SUBDOMAINS → GATHER URLS → FILTER JS → SCAN SECRETS → PROFIT $$$

02. MASS HARVESTING

Gathering every single JS file from Live subdomains and Archived history.

root@kali:~/recon
# 1. Enumerate Subdomains
$ subfinder -d cybertechajju.com -all -recursive | sort -u > subs.txt
# 2. Gather URLs (Live + Archive)
$ cat subs.txt | httpx-toolkit -silent | anew alive.txt
$ cat subs.txt | waybackurls -no-subs | anew wayback.txt
$ cat subs.txt | /home/ajju/tools/jstool/gau --threads 5 | anew gau.txt
# 3. Deep Crawl (Katana & SubJS)
$ cat subs.txt | katana -d 5 -jc -c 50 -o katana.txt
$ cat alive.txt | subjs | anew subjs.txt
# 4. Extract Javascript Only (also keeps versioned URLs such as app.js?v=2)
$ cat *.txt | grep -E "\.js(\?|$)" | sort -u | tee all_js.txt

03. VULNERABILITY SCANNING

Using Nuclei custom templates and regex pattern matching to find secrets.

root@kali:~/recon/scan
# 1. Filter Live JS & Scan (Prevents 404s)
$ cat all_js.txt | httpx-toolkit -silent -mc 200 | mantra
$ cat all_js.txt | httpx-toolkit -silent -mc 200 | jsluice secrets
# 2. Nuclei (Custom Templates)
$ cat all_js.txt | nuclei -t /home/ajju/Downloads/credentials-disclosure-all.yaml -c 30
# 3. Off-the-Shelf Tools
$ cat all_js.txt | cariddi -s -e -err -info
$ cat all_js.txt | jsleak -s -l -k

04. PYTHON DEEP SCANNERS

Heavy logic-based analysis using Python tools (SecretFinder, LinkFinder, etc.).

root@kali:~/recon/python
# 1. SecretFinder (The Classic); the URL is quoted so "&" and "?" in it are not split or globbed by the shell
$ cat all_js.txt | while read -r url; do python3 /home/ajju/tools/jstool/SecretFinder/SecretFinder.py -i "$url" -o cli; done
# 2. LinkFinder (Endpoint Extraction)
$ cat all_js.txt | xargs -I % python3 /home/ajju/tools/jstool/LinkFinder/linkfinder.py -i % -o cli
# 3. LazyEgg (Extra Intel)
$ cat all_js.txt | xargs -I % python3 /home/ajju/tools/jstool/lazyegg/lazyegg.py %

05. OFFLINE ANALYSIS

Download all JS files for local, deep-dive analysis with grep or other static analysis tools.

root@kali:~/recon/offline
# 1. Download All JS Files
$ mkdir -p js_files && wget -i all_js.txt -P js_files/
# 2. Grep for Common Secrets (The Gold Mine)
$ grep -r -E "aws_access_key|api_key|jwt|slack_token|firebase|password|secret|token" js_files/
# 3. Grep for Endpoints (e.g., /api/v1/)
$ grep -r -E "/api/v[0-9]|/v[0-9]/api" js_files/

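The keyword grep above flags every line that merely mentions a keyword, so most hits are noise. The following is an added example (not from the original page or from any tool it names) that applies the same keyword list as a release gate on your own build output: it reports only keyword-named identifiers that are assigned a long quoted literal, and it never prints the value. The function names, the 16-character threshold, the ignore list and the `JS_DIR` variable are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: release gate for your OWN JS build output (assumes GNU grep).
# KEYWORDS is the list from the grep in section 05; all else is an assumption.
KEYWORDS='aws_access_key|api_key|jwt|slack_token|firebase|password|secret|token'
Q="[\"']"   # either quote character

# scan_js_dir DIR
# Reports "file:line:identifier" for every keyword-named identifier that is
# assigned a quoted literal of 16+ characters. The value itself is never
# printed, so CI logs do not leak it. Returns 1 if anything is reported.
scan_js_dir() {
  local hits
  hits=$(grep -rnoEi --include='*.js' \
      "[A-Za-z0-9_]*(${KEYWORDS})[A-Za-z0-9_]*${Q}?[[:space:]]*[:=][[:space:]]*${Q}[^\"']{16,}${Q}" "$1" \
    | grep -viE "[:=][[:space:]]*${Q}[^\"']*(example|placeholder|changeme|your[_-]|xxxx)" \
    | sed -E 's/^([^:]+:[0-9]+:[A-Za-z0-9_]+).*$/\1/')
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# make_sample_dir: writes three constructed files and prints the directory.
make_sample_dir() {
  local d
  d=$(mktemp -d)
  # Real finding: keyword identifier assigned a long literal (constructed value).
  printf '%s\n' 'const cfg = { api_key: "CONSTRUCTED0sample0value0123", theme: "dark" };' > "$d/app.js"
  # Keyword present but no literal: the plain keyword grep flags this, the gate does not.
  printf '%s\n' 'const password = document.getElementById("pw").value;' > "$d/login.js"
  # Documentation stub: long literal, but dropped by the ignore list.
  printf '%s\n' 'var token = "YOUR_TOKEN_GOES_HERE_000";' > "$d/docs.js"
  printf '%s\n' "$d"
}

# CI usage (assumed variable name): JS_DIR=./dist sh this_script.sh
if [ -n "${JS_DIR:-}" ]; then
  scan_js_dir "$JS_DIR" || exit 1
fi
```

On the constructed files the plain keyword grep matches all three, while the gate reports only `app.js`.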
THE COMPLETE ARSENAL

Katana

Next-gen crawler. Much better than Hakrawler for finding hidden JS.

SubJS

Specifically designed to extract javascript links from source code.

JSLuice

Extracts endpoints and secrets using parsing, not just regex.

LinkFinder

The classic Python tool for finding hidden endpoints in JS files.

Httpx

Probe domains to filter out dead links before scanning.

Wayback/GAU

Finds "Zombie" JS files that developers forgot to delete.

Hakrawler

Fast, simple Go-based crawler for quick discovery.

SecretFinder

Regex-based secret scanner for JS files.

06. BURP SUITE WORKFLOW

How to hunt for secrets using Burp Suite's powerful interception capabilities.

Step 1: Setup

Configure browser proxy (127.0.0.1:8080). Install Burp CA certificate for HTTPS.

Step 2: Spider

Browse target normally. Burp captures all requests including JS files automatically.

Step 3: Search

Go to Target → Site Map → Right Click → Search. Use keywords: api_key, secret, token, password.

Step 4: Export

Filter for .js files → Right Click → Save selected items. Analyze offline with grep.

07. PROFESSIONAL REPORTING

How to create a bug bounty report that gets PAID.

Title

"[Severity] Secret Type Exposed in JS File at domain.com" - Be specific!

Steps to Reproduce

1. Navigate to URL 2. View source/request 3. Find the secret. Clear, numbered steps.

Impact

Explain what an attacker can DO with this secret. Data access? Account takeover? Financial loss?

Proof of Concept

Show the secret is VALID. Use keyhacks or make a harmless API call to prove it works.

Classified Intel
🦇

NIGHTCRAWLER v2.0

The Ultimate JS Weapon is coming. No more running 10 different tools. Experience the power of Deep Logic Analysis combined with Mass Subdomain Discovery.

200+ VALIDATED PATTERNS
50+ THREADS BY DEFAULT
1-CLICK FULL RECON ENGINE

ONLY FOR CYBERTECH AJJU COMMUNITY